What is a Network Access Control (NAC) meant for?

Network Access Control (NAC) is an approach to computer security attempting to unify endpoint security technology, user or system authentication and network security enforcement.

It uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process into the network systems, allowing the network infrastructure (such as routers, switches and firewalls) to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.

What level of control?

Only checking the end user is not enough. It is therefore necessary to check the device itself, since it is at its most vulnerable when it requests access to the network. NAC thus represents a new step in the definition of network access criteria.

Cyberattack strategies have evolved: computers and other kinds of devices are fully capable of initiating malicious processes autonomously. When NAC performs admission control, it checks the user, authenticates the computer and also applies profile control to the computer.

The different components of a NAC protocol

A NAC system involves three main components:

A network access point’s control protocol

A network security policy server

A trust agent

What happens when a machine is trying to access the network?

The access point queries the trust agent and forwards the access request, together with the device's security posture information, to the security policy server

If the posture is consistent with the policy, the computer receives an address and is granted access to the VLAN

If the device is outdated, it can be quarantined

In the case of quarantine, previous backups could help to restore the computer and its data
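The admission flow above, as an added example that is not from the original article: a small Python model in which the access point forwards each trust agent's posture report to the policy server, which maps a compliant device to the corporate VLAN and a non-compliant one to a quarantine VLAN where remediation can take place. All field names, thresholds, VLAN ids and sample reports are constructed assumptions.

```python
from dataclasses import dataclass, field

QUARANTINE_VLAN = 999  # constructed remediation VLAN id
CORPORATE_VLAN = 10    # constructed production VLAN id

@dataclass
class Posture:
    """Posture report from the trust agent on the endpoint (constructed fields)."""
    device_id: str
    user_authenticated: bool
    os_patch_level: int
    antivirus_running: bool
    av_signature_age_days: int

@dataclass
class Policy:
    """Minimum requirements the security policy server enforces (constructed)."""
    min_patch_level: int = 42
    max_av_signature_age_days: int = 7

@dataclass
class Decision:
    vlan: int
    reasons: list = field(default_factory=list)  # empty when compliant

def evaluate_posture(posture: Posture, policy: Policy) -> Decision:
    """Policy-server step: a compliant device is mapped to the corporate VLAN;
    any failed check sends it to the quarantine VLAN for remediation."""
    failures = []
    if not posture.user_authenticated:
        failures.append("user not authenticated")
    if posture.os_patch_level < policy.min_patch_level:
        failures.append(f"patch level {posture.os_patch_level} < {policy.min_patch_level}")
    if not posture.antivirus_running:
        failures.append("antivirus not running")
    elif posture.av_signature_age_days > policy.max_av_signature_age_days:
        failures.append(f"AV signatures {posture.av_signature_age_days} days old")
    return Decision(QUARANTINE_VLAN, failures) if failures else Decision(CORPORATE_VLAN)

def admission_control(reports, policy=Policy()):
    """Access-point step: forward each agent report to the policy server and
    record the VLAN it assigns. Returns {device_id: Decision}."""
    return {p.device_id: evaluate_posture(p, policy) for p in reports}

# Constructed sample reports: one compliant laptop, one with an outdated posture.
SAMPLE_REPORTS = [
    Posture("laptop-01", True, 45, True, 1),
    Posture("laptop-02", True, 30, True, 12),
]
```

Running admission_control(SAMPLE_REPORTS) places laptop-01 on the corporate VLAN and laptop-02 in quarantine with its patch level and signature age recorded as the reasons.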

What reaction in case of attack?

Following the classic process, an integrity check has to be completed while the computer is connecting to the network. If the machine is infected, or if it does not provide the level of security you want to achieve, NAC is allowed to:

Quarantine the machine if it is not trustworthy and evaluate the seriousness of the attack

Detect an unknown element already present on the network that represents a high risk for the computer and for the whole infrastructure

Productivity is about efficiency. In order to be productive, end users need to work with a secure and efficient infrastructure that protects data and privacy. Controls therefore have to be performed when the computer or device is at its most vulnerable: when it accesses the network. This is the ultimate goal of a NAC solution.